Initial commit - Clean public release
Sanitized for public release: - Removed all API keys, tokens, and secrets - Removed personal Discord IDs from hermes-openclaw.json - Updated git URLs to be generic placeholders - All sensitive data uses environment variable interpolation
This commit is contained in:
CeeLo Greenheart
commit
a593af9b27
34 changed files with 5646 additions and 0 deletions
185
docs/DIGITALOCEAN_SETUP.md
Normal file
185
docs/DIGITALOCEAN_SETUP.md
Normal file
|
|
@ -0,0 +1,185 @@
|
|||
# DigitalOcean Setup
|
||||
|
||||
Detailed guide for deploying OpenBoatmobile to DigitalOcean.
|
||||
|
||||
## When to Use DigitalOcean
|
||||
|
||||
| Factor | Hetzner | DigitalOcean |
|
||||
|--------|---------|--------------|
|
||||
| Price | €4.49/mo (cx23) | $24/mo (s-2vcpu-4gb) |
|
||||
| US West Coast | No | Yes (SFO2, SFO3) |
|
||||
| Documentation | Good | Excellent |
|
||||
| One-click apps | Limited | Extensive |
|
||||
| Support | Ticket | Ticket + Premium |
|
||||
|
||||
Use DigitalOcean if:
|
||||
- You're on the US West Coast (SFO has better latency than Ashburn)
|
||||
- You already have DO credits/promo codes
|
||||
- You prefer DO's documentation and ecosystem
|
||||
|
||||
## Create DigitalOcean Account
|
||||
|
||||
1. Go to [DigitalOcean](https://www.digitalocean.com/)
|
||||
2. Sign up
|
||||
3. Add a payment method ($5 minimum)
|
||||
|
||||
## Create API Token
|
||||
|
||||
1. Go to [DO API Settings](https://cloud.digitalocean.com/account/api/tokens)
|
||||
2. Click **Generate New Token**
|
||||
3. Name it (e.g., "openclaw-terraform")
|
||||
4. Permissions: **Read & Write**
|
||||
5. Copy the token immediately (shown only once)
|
||||
|
||||
## Add SSH Key
|
||||
|
||||
1. Go to [DO Security Settings](https://cloud.digitalocean.com/account/security)
|
||||
2. Click **Add SSH Key**
|
||||
3. Paste your public key contents:
|
||||
```bash
|
||||
cat ~/.ssh/id_ed25519.pub
|
||||
```
|
||||
4. Give it a name
|
||||
5. Click **Add SSH Key**
|
||||
|
||||
### Get the Fingerprint
|
||||
|
||||
Terraform needs the fingerprint, not the name:
|
||||
|
||||
```bash
|
||||
ssh-keygen -lf ~/.ssh/id_ed25519.pub
|
||||
# Output: 256 SHA256:abc123... your@email.com (ED25519)
|
||||
```
|
||||
|
||||
The fingerprint is the part after `SHA256:` and before the email.
|
||||
|
||||
```bash
|
||||
TF_VAR_ssh_key_fingerprints='["abc123..."]'
|
||||
```
|
||||
|
||||
## Choose a Region
|
||||
|
||||
| Code | Location | Notes |
|
||||
|------|----------|-------|
|
||||
| `nyc1` | New York | US East |
|
||||
| `nyc3` | New York | US East (recommended) |
|
||||
| `sfo2` | San Francisco | US West |
|
||||
| `sfo3` | San Francisco | US West |
|
||||
| `ams3` | Amsterdam | Europe |
|
||||
| `lon1` | London | Europe |
|
||||
| `sgp1` | Singapore | Asia |
|
||||
|
||||
## Configure OpenBoatmobile
|
||||
|
||||
### Minimal Configuration
|
||||
|
||||
In `terraform.tfvars`:
|
||||
|
||||
```hcl
|
||||
provider = "digitalocean"
|
||||
|
||||
server_name = "my-agent"
|
||||
droplet_size_digitalocean = "s-2vcpu-4gb"
|
||||
region_digitalocean = "nyc3"
|
||||
|
||||
# These come from environment:
|
||||
# TF_VAR_do_token
|
||||
# TF_VAR_venice_api_key
|
||||
# TF_VAR_ssh_key_fingerprints
|
||||
```
|
||||
|
||||
### Droplet Sizes
|
||||
|
||||
| Size | vCPU | RAM | Disk | Price |
|
||||
|------|------|-----|------|-------|
|
||||
| s-1vcpu-2gb | 1 | 2 GB | 50 GB | $12/mo |
|
||||
| **s-2vcpu-4gb** | 2 | 4 GB | 80 GB | **$24/mo** (recommended) |
|
||||
| s-2vcpu-8gb | 2 | 8 GB | 160 GB | $48/mo |
|
||||
| s-4vcpu-8gb | 4 | 8 GB | 160 GB | $64/mo |
|
||||
|
||||
The s-2vcpu-4gb is the sweet spot for OpenClaw.
|
||||
|
||||
## Deploy
|
||||
|
||||
```bash
|
||||
# Load secrets
|
||||
source .env
|
||||
|
||||
# Initialize (first time only)
|
||||
terraform init
|
||||
|
||||
# Preview changes
|
||||
terraform plan
|
||||
|
||||
# Deploy
|
||||
terraform apply
|
||||
```
|
||||
|
||||
## Post-Deployment
|
||||
|
||||
Terraform outputs:
|
||||
|
||||
```
|
||||
server_ip = "123.45.67.89"
|
||||
ssh_command = "ssh openclaw@123.45.67.89" # or "ssh hermes@123.45.67.89" for Hermes
|
||||
```
|
||||
|
||||
### Connect
|
||||
|
||||
```bash
|
||||
# Username is 'openclaw' or 'hermes' depending on framework
|
||||
ssh <USERNAME>@123.45.67.89
|
||||
```
|
||||
|
||||
### Run OpenClaw Onboarding
|
||||
|
||||
```bash
|
||||
openclaw onboard --install-daemon
|
||||
```
|
||||
|
||||
## Firewall Rules
|
||||
|
||||
OpenBoatmobile creates a DigitalOcean firewall with:
|
||||
|
||||
| Direction | Port | Source |
|
||||
|-----------|------|--------|
|
||||
| Inbound | 22 (SSH) | Configured IPs |
|
||||
| Outbound | All | Any |
|
||||
|
||||
To restrict SSH to your IP:
|
||||
|
||||
```bash
|
||||
TF_VAR_ssh_allowed_ips='["your.public.ip/32"]'
|
||||
```
|
||||
|
||||
## Cleanup
|
||||
|
||||
```bash
|
||||
terraform destroy
|
||||
```
|
||||
|
||||
## Troubleshooting
|
||||
|
||||
### "SSH Key fingerprint not found"
|
||||
|
||||
- Use the fingerprint, not the name
|
||||
- The fingerprint is shown in DO Console under Security
|
||||
- Make sure there are no extra spaces
|
||||
|
||||
### "API Token invalid"
|
||||
|
||||
- Regenerate the token
|
||||
- Copy immediately (shown only once)
|
||||
- Check for trailing spaces in `.env`
|
||||
|
||||
### Droplet created but can't SSH
|
||||
|
||||
- Wait 2-3 minutes for cloud-init
|
||||
- Verify your key fingerprint is correct
|
||||
- Check firewall allows your IP
|
||||
|
||||
### "Rate limit exceeded"
|
||||
|
||||
- DO has API rate limits
|
||||
- Wait a few minutes and retry
|
||||
- Use `terraform plan` sparingly before `apply`
|
||||
Loading…
Add table
Add a link
Reference in a new issue